It is important to understand how to make sure your telehealth video app is HIPAA compliant so that your patients’ information can be secured properly. For discussion purposes, we will consider a telehealth application where patients may search for doctors and then schedule a video consultation with them.
To keep it simple, let’s focus on the healthcare provider directory and the patient’s video consultation. When the patient is booking a consultation with their doctor, these are example areas that should be considered private information:
- Patient name and username
- Patient zip code and region they are searching
- Patient address
- Patient account information
- Any notes the patient has on their profile about past treatments or medical conditions.
- Reviews of the doctor by past patients must be anonymized. No usernames or dates of treatments should be shared by past patients. A 1-5 star rating is fine, but a testimonial that identifies the past patient or shares details about their treatment is unacceptable.
- Details on numbers of patients treated in the past by that doctor in a particular region
- Any payment information or healthcare plan information supplied by the patient must be protected.
Once the patient is speaking with the doctor in the video chat session, a tool with the following features ensures that patient information is protected:
- Video chat must be secure and encrypted (WebRTC helps with this since the video/audio transmission are encrypted in-transit).
- Any recordings of the session should be done only with patient consent and must be securely stored so that others cannot access it without proper authorization.
- Any text chat between provider/patient should be encrypted if stored in a database, or not stored at all.
- Any notes that the provider or patient take in the tool should also be encrypted and treated as an electronic medical record private to that patient.
- Any files exchanged between the provider and patient must be encrypted in-transit (the WebRTC Data Channel can do this) and, if stored, must be securely stored with only access to authorized users.
- If any images or screenshots are saved in the application, they must also be securely stored and only accessible to authorized users.
How WebRTC.ventures Helped Docto get to a workable beta service using WebRTC in 3 months
- The 5 Areas You Must Secure in your Telehealth Application
Think a telehealth solution may be right for your healthcare business?
We have a telehealth platform that is already built and can be quickly white-labeled and licensed for your use. We have decades of experience with over 200,000 hours invested in building real-time applications. You can read a client testimonial here.
Contact us today. We’ll help you get your user-friendly, HIPAA-compliant app up and running with both the provider and patient in mind.